BookStack/app/Users/Controllers/RoleController.php

<?php

namespace BookStack\Users\Controllers;

use BookStack\Exceptions\PermissionsException;
use BookStack\Http\Controller;
use BookStack\Permissions\PermissionsRepo;
use BookStack\Users\Models\Role;
use BookStack\Users\Queries\RolesAllPaginatedAndSorted;
use BookStack\Util\SimpleListOptions;
use Exception;
use Illuminate\Http\Request;

class RoleController extends Controller
{
    public function __construct(
        protected PermissionsRepo $permissionsRepo
    ) {
    }

    /**
     * Show a listing of the roles in the system.
     */
    public function index(Request $request)
    {
        $this->checkPermission('user-roles-manage');

        $listOptions = SimpleListOptions::fromRequest($request, 'roles')->withSortOptions([
            'display_name' => trans('common.sort_name'),
            'users_count' => trans('settings.roles_assigned_users'),
            'permissions_count' => trans('settings.roles_permissions_provided'),
            'created_at' => trans('common.sort_created_at'),
            'updated_at' => trans('common.sort_updated_at'),
        ]);

        $roles = (new RolesAllPaginatedAndSorted())->run(20, $listOptions);
        $roles->appends($listOptions->getPaginationAppends());

        $this->setPageTitle(trans('settings.roles'));

        return view('settings.roles.index', [
            'roles'       => $roles,
            'listOptions' => $listOptions,
        ]);
    }

    /**
     * Show the form to create a new role.
     */
    public function create(Request $request)
    {
        $this->checkPermission('user-roles-manage');

        /** @var ?Role $role */
        $role = null;
        if ($request->has('copy_from')) {
            $role = Role::query()->find($request->get('copy_from'));
        }

        if ($role) {
            $role->display_name .= ' (' . trans('common.copy') . ')';
        }

        $this->setPageTitle(trans('settings.role_create'));

        return view('settings.roles.create', ['role' => $role]);
    }

    /**
     * Store a new role in the system.
     */
    public function store(Request $request)
    {
        $this->checkPermission('user-roles-manage');
        $data = $this->validate($request, [
            'display_name' => ['required', 'min:3', 'max:180'],
            'description'  => ['max:180'],
            'external_auth_id' => ['string'],
            'permissions'  => ['array'],
            'mfa_enforced' => ['string'],
        ]);

        $data['permissions'] = array_keys($data['permissions'] ?? []);
        $data['mfa_enforced'] = ($data['mfa_enforced'] ?? 'false') === 'true';
        $this->permissionsRepo->saveNewRole($data);

        return redirect('/settings/roles');
    }

    /**
     * Show the form for editing a user role.
     */
    public function edit(string $id)
    {
        $this->checkPermission('user-roles-manage');
        $role = $this->permissionsRepo->getRoleById($id);

        $this->setPageTitle(trans('settings.role_edit'));

        return view('settings.roles.edit', ['role' => $role]);
    }

    /**
     * Updates a user role.
     */
    public function update(Request $request, string $id)
    {
        $this->checkPermission('user-roles-manage');
        $data = $this->validate($request, [
            'display_name' => ['required', 'min:3', 'max:180'],
            'description'  => ['max:180'],
            'external_auth_id' => ['string'],
            'permissions'  => ['array'],
            'mfa_enforced' => ['string'],
        ]);

        $data['permissions'] = array_keys($data['permissions'] ?? []);
        $data['mfa_enforced'] = ($data['mfa_enforced'] ?? 'false') === 'true';
        $this->permissionsRepo->updateRole($id, $data);

        return redirect('/settings/roles');
    }

    /**
     * Show the view to delete a role.
     * Offers the chance to migrate users.
     */
    public function showDelete(string $id)
    {
        $this->checkPermission('user-roles-manage');
        $role = $this->permissionsRepo->getRoleById($id);
        $roles = $this->permissionsRepo->getAllRolesExcept($role);
        $blankRole = $role->newInstance(['display_name' => trans('settings.role_delete_no_migration')]);
        $roles->prepend($blankRole);

        $this->setPageTitle(trans('settings.role_delete'));

        return view('settings.roles.delete', ['role' => $role, 'roles' => $roles]);
    }

    /**
     * Delete a role from the system,
     * Migrate from a previous role if set.
     *
     * @throws Exception
     */
    public function delete(Request $request, string $id)
    {
        $this->checkPermission('user-roles-manage');

        try {
            $migrateRoleId = intval($request->get('migrate_role_id') ?: "0");
            $this->permissionsRepo->deleteRole($id, $migrateRoleId);
        } catch (PermissionsException $e) {
            $this->showErrorNotification($e->getMessage());

            return redirect()->back();
        }

        return redirect('/settings/roles');
    }
}
Apply fixes from StyleCI 2021-06-26 23:23:15 +08:00			`<?php`

Played around with a new app structure 2023-05-18 00:56:55 +08:00			`namespace BookStack\Users\Controllers;`
Started work on exposing the role system as editable 2016-02-27 07:44:02 +08:00
Fleshed out entity provided and optimized imports 2018-09-25 23:58:03 +08:00			`use BookStack\Exceptions\PermissionsException;`
Cleaned up namespacing in routes Also moved home controller and moved controllers up a level in http. 2023-05-19 03:53:39 +08:00			`use BookStack\Http\Controller;`
Played around with a new app structure 2023-05-18 00:56:55 +08:00			`use BookStack\Permissions\PermissionsRepo;`
			`use BookStack\Users\Models\Role;`
			`use BookStack\Users\Queries\RolesAllPaginatedAndSorted;`
Refactored common list handling operations to new class 2022-10-30 23:16:06 +08:00			`use BookStack\Util\SimpleListOptions;`
Removed role 'name' field from database The 'name' field was really redundant and caused confusion in the codebase, since the 'Display' name is often used and we have a 'system_name' for the admin and public role. This fixes #2032, Where external auth group matching has confusing behaviour as matching was done against the display_name, if no external_auth field is set, but only roles with a match 'name' field would be considered. This also fixes and error where the role users migration, on role delete, would not actually fire due to mis-matching http body keys. Looks like this has been an issue from the start. Added some testing to cover. Fixes #2211. Also converted phpdoc to typehints in many areas of the reviewed code during the above. 2020-08-04 21:55:01 +08:00			`use Exception;`
Started work on exposing the role system as editable 2016-02-27 07:44:02 +08:00			`use Illuminate\Http\Request;`

Implemented user, api_tokem & role activity logging Also refactored some role content, primarily updating the permission controller to be RoleController since it only dealt with roles. 2020-11-21 02:53:01 +08:00			`class RoleController extends Controller`
Started work on exposing the role system as editable 2016-02-27 07:44:02 +08:00			`{`
Notifications: Added role receive-notifications permission 2023-07-26 00:59:04 +08:00			`public function __construct(`
			`protected PermissionsRepo $permissionsRepo`
			`) {`
Started work on exposing the role system as editable 2016-02-27 07:44:02 +08:00			`}`

			`/**`
			`* Show a listing of the roles in the system.`
			`*/`
Revised role index list to align with user list 2022-10-30 03:52:17 +08:00			`public function index(Request $request)`
Started work on exposing the role system as editable 2016-02-27 07:44:02 +08:00			`{`
Finished initial implementation of custom role system 2016-02-28 03:24:42 +08:00			`$this->checkPermission('user-roles-manage');`
Revised role index list to align with user list 2022-10-30 03:52:17 +08:00
Refactored common list handling operations to new class 2022-10-30 23:16:06 +08:00			`$listOptions = SimpleListOptions::fromRequest($request, 'roles')->withSortOptions([`
			`'display_name' => trans('common.sort_name'),`
			`'users_count' => trans('settings.roles_assigned_users'),`
			`'permissions_count' => trans('settings.roles_permissions_provided'),`
			`'created_at' => trans('common.sort_created_at'),`
			`'updated_at' => trans('common.sort_updated_at'),`
			`]);`
Revised role index list to align with user list 2022-10-30 03:52:17 +08:00
Refactored common list handling operations to new class 2022-10-30 23:16:06 +08:00			`$roles = (new RolesAllPaginatedAndSorted())->run(20, $listOptions);`
			`$roles->appends($listOptions->getPaginationAppends());`
Apply fixes from StyleCI 2021-06-26 23:23:15 +08:00
Added page titles to many missing app areas Many pages were missing their unique tab/page titles so this change is just to distribute them back over many common areas where they were missing. 2022-01-04 21:33:24 +08:00			`$this->setPageTitle(trans('settings.roles'));`
Applied latest styleCI changes 2022-01-06 20:18:11 +08:00
Revised role index list to align with user list 2022-10-30 03:52:17 +08:00			`return view('settings.roles.index', [`
			`'roles' => $roles,`
Refactored common list handling operations to new class 2022-10-30 23:16:06 +08:00			`'listOptions' => $listOptions,`
Revised role index list to align with user list 2022-10-30 03:52:17 +08:00			`]);`
Started work on exposing the role system as editable 2016-02-27 07:44:02 +08:00			`}`

Finished initial implementation of custom role system 2016-02-28 03:24:42 +08:00			`/**`
Apply fixes from StyleCI 2021-06-26 23:23:15 +08:00			`* Show the form to create a new role.`
Finished initial implementation of custom role system 2016-02-28 03:24:42 +08:00			`*/`
Added ability to copy a role - Copies via loading in model on create view. - Updated role views while editing to bring up to similar format as that used for more modern app areas. - Added tests to cover. Related to #1123 2021-12-19 20:27:14 +08:00			`public function create(Request $request)`
Finished initial implementation of custom role system 2016-02-28 03:24:42 +08:00			`{`
			`$this->checkPermission('user-roles-manage');`
Apply fixes from StyleCI 2021-06-26 23:23:15 +08:00
Added ability to copy a role - Copies via loading in model on create view. - Updated role views while editing to bring up to similar format as that used for more modern app areas. - Added tests to cover. Related to #1123 2021-12-19 20:27:14 +08:00			`/** @var ?Role $role */`
			`$role = null;`
			`if ($request->has('copy_from')) {`
			`$role = Role::query()->find($request->get('copy_from'));`
			`}`

			`if ($role) {`
			`$role->display_name .= ' (' . trans('common.copy') . ')';`
			`}`

Added page titles to many missing app areas Many pages were missing their unique tab/page titles so this change is just to distribute them back over many common areas where they were missing. 2022-01-04 21:33:24 +08:00			`$this->setPageTitle(trans('settings.role_create'));`
Applied latest styleCI changes 2022-01-06 20:18:11 +08:00
Added ability to copy a role - Copies via loading in model on create view. - Updated role views while editing to bring up to similar format as that used for more modern app areas. - Added tests to cover. Related to #1123 2021-12-19 20:27:14 +08:00			`return view('settings.roles.create', ['role' => $role]);`
Finished initial implementation of custom role system 2016-02-28 03:24:42 +08:00			`}`

			`/**`
			`* Store a new role in the system.`
			`*/`
Implemented user, api_tokem & role activity logging Also refactored some role content, primarily updating the permission controller to be RoleController since it only dealt with roles. 2020-11-21 02:53:01 +08:00			`public function store(Request $request)`
Finished initial implementation of custom role system 2016-02-28 03:24:42 +08:00			`{`
			`$this->checkPermission('user-roles-manage');`
Aded roles API controller methods Altered & updated permissions repo, and existing connected RoleController to suit. Also extracts in-app success notifications to auto activity system. Tweaked tests where required. 2023-02-19 02:36:34 +08:00			`$data = $this->validate($request, [`
Standardised laravel validation to be array based Converted from string-only-based validation. Array based validation works nicer once you have validation classess or advanced validation options. 2021-11-05 08:26:55 +08:00			`'display_name' => ['required', 'min:3', 'max:180'],`
Added ability to copy a role - Copies via loading in model on create view. - Updated role views while editing to bring up to similar format as that used for more modern app areas. - Added tests to cover. Related to #1123 2021-12-19 20:27:14 +08:00			`'description' => ['max:180'],`
Aded roles API controller methods Altered & updated permissions repo, and existing connected RoleController to suit. Also extracts in-app success notifications to auto activity system. Tweaked tests where required. 2023-02-19 02:36:34 +08:00			`'external_auth_id' => ['string'],`
			`'permissions' => ['array'],`
			`'mfa_enforced' => ['string'],`
Finished initial implementation of custom role system 2016-02-28 03:24:42 +08:00			`]);`

Aded roles API controller methods Altered & updated permissions repo, and existing connected RoleController to suit. Also extracts in-app success notifications to auto activity system. Tweaked tests where required. 2023-02-19 02:36:34 +08:00			`$data['permissions'] = array_keys($data['permissions'] ?? []);`
			`$data['mfa_enforced'] = ($data['mfa_enforced'] ?? 'false') === 'true';`
			`$this->permissionsRepo->saveNewRole($data);`
Apply fixes from StyleCI 2021-06-26 23:23:15 +08:00
Finished initial implementation of custom role system 2016-02-28 03:24:42 +08:00			`return redirect('/settings/roles');`
			`}`

Started work on exposing the role system as editable 2016-02-27 07:44:02 +08:00			`/**`
			`* Show the form for editing a user role.`
			`*/`
Implemented user, api_tokem & role activity logging Also refactored some role content, primarily updating the permission controller to be RoleController since it only dealt with roles. 2020-11-21 02:53:01 +08:00			`public function edit(string $id)`
Started work on exposing the role system as editable 2016-02-27 07:44:02 +08:00			`{`
Finished initial implementation of custom role system 2016-02-28 03:24:42 +08:00			`$this->checkPermission('user-roles-manage');`
Refactored some permission controls and increased testing for roles system 2016-03-03 06:35:01 +08:00			`$role = $this->permissionsRepo->getRoleById($id);`
Apply fixes from StyleCI 2021-06-26 23:23:15 +08:00
Added page titles to many missing app areas Many pages were missing their unique tab/page titles so this change is just to distribute them back over many common areas where they were missing. 2022-01-04 21:33:24 +08:00			`$this->setPageTitle(trans('settings.role_edit'));`
Applied latest styleCI changes 2022-01-06 20:18:11 +08:00
Updated auth pages to new design, Removed public layout 2019-02-04 01:34:15 +08:00			`return view('settings.roles.edit', ['role' => $role]);`
Started work on exposing the role system as editable 2016-02-27 07:44:02 +08:00			`}`
Finished initial implementation of custom role system 2016-02-28 03:24:42 +08:00
			`/**`
			`* Updates a user role.`
			`*/`
Implemented user, api_tokem & role activity logging Also refactored some role content, primarily updating the permission controller to be RoleController since it only dealt with roles. 2020-11-21 02:53:01 +08:00			`public function update(Request $request, string $id)`
Finished initial implementation of custom role system 2016-02-28 03:24:42 +08:00			`{`
			`$this->checkPermission('user-roles-manage');`
Aded roles API controller methods Altered & updated permissions repo, and existing connected RoleController to suit. Also extracts in-app success notifications to auto activity system. Tweaked tests where required. 2023-02-19 02:36:34 +08:00			`$data = $this->validate($request, [`
Standardised laravel validation to be array based Converted from string-only-based validation. Array based validation works nicer once you have validation classess or advanced validation options. 2021-11-05 08:26:55 +08:00			`'display_name' => ['required', 'min:3', 'max:180'],`
Added ability to copy a role - Copies via loading in model on create view. - Updated role views while editing to bring up to similar format as that used for more modern app areas. - Added tests to cover. Related to #1123 2021-12-19 20:27:14 +08:00			`'description' => ['max:180'],`
Aded roles API controller methods Altered & updated permissions repo, and existing connected RoleController to suit. Also extracts in-app success notifications to auto activity system. Tweaked tests where required. 2023-02-19 02:36:34 +08:00			`'external_auth_id' => ['string'],`
			`'permissions' => ['array'],`
			`'mfa_enforced' => ['string'],`
Finished initial implementation of custom role system 2016-02-28 03:24:42 +08:00			`]);`

Fixed unselectable checkbox role form options 2023-02-20 00:03:50 +08:00			`$data['permissions'] = array_keys($data['permissions'] ?? []);`
			`$data['mfa_enforced'] = ($data['mfa_enforced'] ?? 'false') === 'true';`
Aded roles API controller methods Altered & updated permissions repo, and existing connected RoleController to suit. Also extracts in-app success notifications to auto activity system. Tweaked tests where required. 2023-02-19 02:36:34 +08:00			`$this->permissionsRepo->updateRole($id, $data);`
Apply fixes from StyleCI 2021-06-26 23:23:15 +08:00
Finished initial implementation of custom role system 2016-02-28 03:24:42 +08:00			`return redirect('/settings/roles');`
			`}`

			`/**`
			`* Show the view to delete a role.`
			`* Offers the chance to migrate users.`
			`*/`
Implemented user, api_tokem & role activity logging Also refactored some role content, primarily updating the permission controller to be RoleController since it only dealt with roles. 2020-11-21 02:53:01 +08:00			`public function showDelete(string $id)`
Finished initial implementation of custom role system 2016-02-28 03:24:42 +08:00			`{`
			`$this->checkPermission('user-roles-manage');`
Refactored some permission controls and increased testing for roles system 2016-03-03 06:35:01 +08:00			`$role = $this->permissionsRepo->getRoleById($id);`
			`$roles = $this->permissionsRepo->getAllRolesExcept($role);`
Extracted text from logic files 2016-12-05 00:51:39 +08:00			`$blankRole = $role->newInstance(['display_name' => trans('settings.role_delete_no_migration')]);`
Finished initial implementation of custom role system 2016-02-28 03:24:42 +08:00			`$roles->prepend($blankRole);`
Apply fixes from StyleCI 2021-06-26 23:23:15 +08:00
Added page titles to many missing app areas Many pages were missing their unique tab/page titles so this change is just to distribute them back over many common areas where they were missing. 2022-01-04 21:33:24 +08:00			`$this->setPageTitle(trans('settings.role_delete'));`
Applied latest styleCI changes 2022-01-06 20:18:11 +08:00
Updated auth pages to new design, Removed public layout 2019-02-04 01:34:15 +08:00			`return view('settings.roles.delete', ['role' => $role, 'roles' => $roles]);`
Finished initial implementation of custom role system 2016-02-28 03:24:42 +08:00			`}`

			`/**`
			`* Delete a role from the system,`
			`* Migrate from a previous role if set.`
Apply fixes from StyleCI 2021-06-26 23:23:15 +08:00			`*`
Removed role 'name' field from database The 'name' field was really redundant and caused confusion in the codebase, since the 'Display' name is often used and we have a 'system_name' for the admin and public role. This fixes #2032, Where external auth group matching has confusing behaviour as matching was done against the display_name, if no external_auth field is set, but only roles with a match 'name' field would be considered. This also fixes and error where the role users migration, on role delete, would not actually fire due to mis-matching http body keys. Looks like this has been an issue from the start. Added some testing to cover. Fixes #2211. Also converted phpdoc to typehints in many areas of the reviewed code during the above. 2020-08-04 21:55:01 +08:00			`* @throws Exception`
Finished initial implementation of custom role system 2016-02-28 03:24:42 +08:00			`*/`
Implemented user, api_tokem & role activity logging Also refactored some role content, primarily updating the permission controller to be RoleController since it only dealt with roles. 2020-11-21 02:53:01 +08:00			`public function delete(Request $request, string $id)`
Finished initial implementation of custom role system 2016-02-28 03:24:42 +08:00			`{`
			`$this->checkPermission('user-roles-manage');`

Refactored some permission controls and increased testing for roles system 2016-03-03 06:35:01 +08:00			`try {`
Fixed delete role failing with no migrate role provided For #4128 2023-03-25 20:07:59 +08:00			`$migrateRoleId = intval($request->get('migrate_role_id') ?: "0");`
			`$this->permissionsRepo->deleteRole($id, $migrateRoleId);`
Refactored some permission controls and increased testing for roles system 2016-03-03 06:35:01 +08:00			`} catch (PermissionsException $e) {`
Entity Repo & Controller Refactor (#1690) * Started mass-refactoring of the current entity repos * Rewrote book tree logic - Now does two simple queries instead of one really complex one. - Extracted logic into its own class. - Remove model-level akward union field listing. - Logic now more readable than being large separate query and compilation functions. * Extracted and split book sort logic * Finished up Book controller/repo organisation * Refactored bookshelves controllers and repo parts * Fixed issues found via phpunit * Refactored Chapter controller * Updated Chapter export controller * Started Page controller/repo refactor * Refactored another chunk of PageController * Completed initial pagecontroller refactor pass * Fixed tests and continued reduction of old repos * Removed old page remove and further reduced entity repo * Removed old entity repo, split out page controller * Ran phpcbf and split out some page content methods * Tidied up some EntityProvider elements * Fixed issued caused by viewservice change 2019-10-05 19:55:01 +08:00			`$this->showErrorNotification($e->getMessage());`
Apply fixes from StyleCI 2021-06-26 23:23:15 +08:00
Finished initial implementation of custom role system 2016-02-28 03:24:42 +08:00			`return redirect()->back();`
			`}`

			`return redirect('/settings/roles');`
			`}`
Started work on exposing the role system as editable 2016-02-27 07:44:02 +08:00			`}`